I just love OpenSSH. That is the single greatest tool on unix-like operating systems, as far as I am concerned. I’ve blogged about SSH plenty. SSH tunneling, SSH forwarding, SSHFS and more. Needless to say, I believe that SSH is the single most flexible and powerful package on unix-like operating systems. And, with this post, it just gets better.
First, I’m not sure if you are aware, but in your ~/.ssh/config file, you can specify all the servers that you connect to, with their associated port (being that they are running SSH on a non-standard port other than 22). This makes it easy on the typing when sitting at the shell. For example, rather than type this:
aaron@hercules:~$ ssh -p 22222 firstname.lastname@example.org
I can add the following to my ~/.ssh/config file:
Host some.remote.server.com Port 22222
Now, I just need to type:
aaron@hercules:~$ ssh email@example.com
Very nice. Of course, there is a lot more you can put in your SSH config file, and you can have multiple hosts with their associated ports in the file as well. If you look at your /etc/ssh/ssh_config file, you can see a much broader range of options that can exist in your ~/.ssh/config.
Next in line is your SSH keys. You can setup your SSH server to allow key-based authentication rather than the traditional user/password. Which means, that rather than enter your password every time you try to connect to a remote SSH server, you can have your SSH key authenticate you automatically. First, you need to generate a key:
aaron@hercules:~$ ssh-keygen -t dsa
Enter a passphrase for your key, and give it the name of the file to save it to (default is fine). Now that you have a DSA SSH key generated, we need to get that key on the remote server, so we don’t have to type our password all the time. So, this is where a really cool tool called ‘ssh-copy-id’ comes in. ssh-copy-id is just a script that makes an SSH connection to the remote server specified, secure copies the newly generated key over and appends it to ~/.ssh/authorized_keys. For example:
aaron@hercules:~$ ssh-copy-id -i .id_dsa.pub firstname.lastname@example.org
It will ask for the user password just once, as you need to verify you are who you say you are. When entered correctly, the key is copied over and appended. You need the ‘-i’ to take your identity with you. This isn’t always needed, but type it anyway in good practice, as it will never hurt anything. Now, when logging into some.remote.server.com, you won’t need to worry about entering your password. The server will look at the SSH keypair, and if they match, you’re set. You should, however, add your SSH identity before connecting, otherwise, you’ll always be prompted to enter your SSH key passphrase. This can easily be done with:-
Now, you’ll be asked for your passphrase once. Your SSH identity will be added to the keyring, and you can SSH to the remote server as many times as you like, save your identity is saved in the keyring. Gnome provides this keyring by default, so, if you stay logged into Gnome, so will your SSH identity. As soon as you log out and then back in, you’ll need to re-add it.
So, there you go. Two simple tips to get your OpenSSH behaving the way you want, and with ease. Key based authentication is the only way to go, definitely if developing on the remote server with SVN+SSH. Your password can be a major problem.